From ea02e0acfaab93219359448a66edff365aef4ca5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 1 Jun 2021 17:35:09 +0200 Subject: [PATCH] libselinux: improve getcon(3) man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improve formatting of section DESCRIPTION by adding list points. Mention errno is set on failure. Mention the returned context might be NULL if SELinux is not enabled. Align setcon/_raw parameter by adding const. Signed-off-by: Christian Göttsche Acked-by: Petr Lautrbach --- libselinux/man/man3/getcon.3 | 45 +++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3 index 67872a4d..e7e394f3 100644 --- a/libselinux/man/man3/getcon.3 +++ b/libselinux/man/man3/getcon.3 @@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts getpeercon \- get security context of a peer socket setcon \- set current security context of a process -. + .SH "SYNOPSIS" .B #include .sp @@ -31,30 +31,39 @@ setcon \- set current security context of a process .sp .BI "void freeconary(char **" con ); .sp -.BI "int setcon(char *" context ); +.BI "int setcon(const char *" context ); .sp -.BI "int setcon_raw(char *" context ); -. +.BI "int setcon_raw(const char *" context ); + .SH "DESCRIPTION" +.TP .BR getcon () retrieves the context of the current process, which must be free'd with -freecon. +.BR freecon (). +.TP .BR getprevcon () same as getcon but gets the context before the last exec. +.TP .BR getpidcon () -returns the process context for the specified PID. - -.BR getpeercon () -retrieves context of peer socket, and set -.BI * context -to refer to it, which must be free'd with +returns the process context for the specified PID, which must be free'd with .BR freecon (). +.TP +.BR getpeercon () +retrieves the context of the peer socket, which must be free'd with +.BR freecon (). + +.TP .BR freecon () frees the memory allocated for a security context. +If +.I con +is NULL, no operation is performed. + +.TP .BR freeconary () frees the memory allocated for a context array. @@ -62,6 +71,7 @@ If .I con is NULL, no operation is performed. +.TP .BR setcon () sets the current security context of the process to a new value. Note that use of this function requires that the entire application be @@ -110,6 +120,8 @@ context and the .BR setcon () will fail if it is not allowed by policy. +.TP +.BR *_raw() .BR getcon_raw (), .BR getprevcon_raw (), .BR getpidcon_raw (), @@ -118,9 +130,14 @@ and .BR setcon_raw () behave identically to their non-raw counterparts but do not perform context translation. -. + .SH "RETURN VALUE" -On error \-1 is returned. On success 0 is returned. -. +On error \-1 is returned with errno set. On success 0 is returned. + +.SH "NOTES" +The retrieval functions might return success and set +.I *context +to NULL if and only if SELinux is not enabled. + .SH "SEE ALSO" .BR selinux "(8), " setexeccon "(3)"